# openssl req -nodes -new -x509 -keyout private/cakey.pem -out cacert.pem
The -nodes prevents the resulting certificate from being encrypted. This is necessary
for use with sendmail because sendmail must be able to start unattended without the
need for an operator to type in a password each time.
The last command is a two-step process combined into one. The -keyout
private/cakey.pem command creates an encryption key that will be used to sign the certificate:
Generating a 1024 bit RSA private key
.........++++++
.........................++++++
writing new private key to 'private/cakey.pem'
This step can be slow on older systems, especially those that lack a good random
number generator (one without sufficient entropy). You may, for example, be
required to rapidly type characters to help generate random events.
This key must be protected, so we place it in the private subdirectory. If anyone were
to access it, that person would be able to decrypt anything encrypted with it.
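The following check is an added example, not part of the original text: it audits a CA key such as private/cakey.pem, confirming that neither the key nor its directory grants group or other access and reporting whether the PEM is passphrase-protected. The function name check_ca_key and the stand-in key file are constructed for illustration.

```shell
# check_ca_key is a hypothetical helper, not part of openssl or sendmail.
# Returns 0 if the key and its directory are owner-only, 1 if either is
# too open, 2 if the key file is missing.
check_ca_key() {
    key=$1
    dir=$(dirname "$key")
    status=0

    [ -f "$key" ] || { echo "MISSING: $key"; return 2; }

    # A passphrase-protected PEM key carries one of these markers; a key
    # written with -nodes carries neither.
    if grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "key is passphrase-protected"
    else
        echo "key is stored in the clear; file permissions are its only protection"
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Both the key and its directory must grant them nothing.
    for path in "$key" "$dir"; do
        bits=$(ls -ld "$path" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "TOO OPEN: $path (group/other bits: $bits)"
            status=1
        fi
    done
    return $status
}

# Demo on a constructed stand-in key (not real key material).
demo=$(mktemp -d) && mkdir "$demo/private"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-sample' \
    '-----END PRIVATE KEY-----' > "$demo/private/cakey.pem"
chmod 755 "$demo/private"; chmod 644 "$demo/private/cakey.pem"
check_ca_key "$demo/private/cakey.pem" || echo "audit failed as expected"
chmod 700 "$demo/private"; chmod 600 "$demo/private/cakey.pem"
check_ca_key "$demo/private/cakey.pem" && echo "audit passed"
rm -rf "$demo"
```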
The second step creates the actual certificate. Because this is a standard X.509 certificate,
you will be prompted to fill in some X.509 information. We suggest the following
answers for illustrative purposes only. Naturally, you need to enter information
specific to your situation and your site:
You are about to be asked to enter information that will be incorporated
into your certificate request.